Spring unmodifiable View-/Display- Object - spring

I want to display data which i am getting from my db in a view. As far as i know, in case i set my objects in the model defined as #ModelAtttibute, the user will be able to manipulate the data. For example: if my model has the attribute "firstname", the user will be able to manipulate the value by accessing the attribute over a get parameter(...?firstname=blabla)
In this case the model attribute is used for displaying data and not for processing user input and accodingly i dont want the user to overwrite values.
Has anyone any solutions/pattern for solving this problem?

Related

How to use same model with less fields for another view in mvc5

My Question is not belonging to how to use two models on same razor view ! basically I have a user table in which i have fields like(userid,name,email,password,gender,country,department,IsActive) and my form is working fine i am able to insert update and delete i have not use EF , what i did i create the table in sql server and create the model in my model folder , in my view i have put the required field validator for all these columns and they are mandatory to input while inserting or updating.
Now I want to have another view with another controller where i do not want to show all 8 fields instead want to show just these four columns( username,email,gender,IsActive)
when i am using the same model for the other controller and view then it loads the record correctly on index view ,but when i update the required it fires validation error as all my fields are mark as required so it ask to input the rest of four fields value as well.
I have tried to remove these un-necessary fields from model in controller code before saving using Bind([Exclude]"""") but it did not work.
I have tried modelstate.remove("") this approach works fine for all fields but my password field is still throwing validation error . someone says you need to use viewmodel and in viewmodel you have to put both of your model like the full model and small model, I want to ask how my small model would be mapped to my user table (as table["tableName"] this cannot be applied to two models and pointing to same table without primary foriegn key relation .
Share example please i am confused
modelState.Remove("Password")
This remove all model values which are un-necessary but not removing the password field which gives error while updating the
You have required fields missing data or some fields are not null when being saved. What you are trying to do is completely ok. You are basically using a Virtual Model. This is what I do. In the "get", you fix your model and send it to the view. You work with it and then when you submit, you receive the model in the "post", but it is missing several REQUIRED fields. So what you need to do is, retrieve the same record from the database, update the 3 or 4 fields from the view model and then save that model that you retrieved with the new data. This is one way. (VM = view model)
1. send VM to view
2. add data in the view
3. submit
4. receive VM in POST Controller
5. get same record from DB
6. update the particular fields using the VM data
7. save the updated record to database. This is the record you retrieved in 5.
Another way is to have all the missing fields in the model but not showing them in the view. However you need to mention them in the view, otherwise they will not post. so you need to use
#Html.Hidefor( x=> x.NameOfField)
This will ensure that the field is sent back for posting. Any field with a [Required]... is required. You cannot miss it!
How will your small model be mapped to the Database. It will not. You will transfer the data from the small model to the model that is mapped in the database... with ALL the fields. Either you get the missing values from the database or from the view by using Hidefor.
example
dbmodel.Field1 = vm.field1;
dbmodel.Field2 = vm.field2;
dbmodel.Field3 = vm.field3;
I hope this helps

Prevent ignoring of some properties of Model by toJson overriding

When I save the records, I need the uid properties for the initial rows; because of I can assign a value each of them through the uid.
However, toJson overriding forces to ignore some properties like dirty, uid, etc...
How can I prevent this? Or How can I find a way to solve this?
You should not persist the uid on the backend or override it.
The uid is an internal mechanism used by Kendo UI to track its widgets and widget components to allow user interaction and component functionality. Each uid is generated dynamically every time the widget is rendered, so, attempting to do what your thinking of doing won't work.
The proper solution is you should assign your own unique id property to your records and persist it on the server/client. Then, when a change is made client-side, you post the record data along with its unique id, find the associated record by id in the backend database, and update the associated record data in the database.

How do I prevent a parse.com user from seeing parts of their user data? aka set ACL per field on User class?

I add new users.
Let's presume we add a field of 'additionaldata1' on the parse user class
I do NOT want the user to be able to see the data stored in 'additionaldata1' and as such don't want it returned when I query the current parse users.
Seeing as the code is a web.app I don't want it to be possible for a user to 'hack' the local code in order to bring back 'all' their user object data.
So my question is how do I ensure that certain fields such as 'additionaldata1' are NEVER returned on the parse.com user object? Do I have to set up an additional class that is related to the user but set the ACL as non-read? Or can I set ACL per field on the user class?
EDIT//
UPDATE: I believe I worked this out myself. It doesn't appear to be possible to set ACL per field on a class. As such I have to add this data into an additional class with a RELATION and then set the ACL on that class table to 'no read' and 'no write'. That way only cloud code can see the class values due to the master key and I can run any validation and queries via cloud code where I need that data to be secure / private from the user.
This case is mentioned in Parse Docs under one-to-one relational data https://www.parse.com/docs/relations_guide#onetoone_anchor.
They recommend that you split up the data into two tables and use a one-to-one:
In Parse, a one-to-one relationship is great for situations where you need to split one object into two objects. These situations should be rare, but two examples include:
Limiting visibility of some user data. In this scenario, you would split the object in two, where one portion of the object contains data that is visible to other users, while the related object contains data that is private to the original user (and protected via ACLs).
Splitting up an object for size. In this scenario, your original object is greater than the 128K maximum size permitted for an object, so you decide to create a secondary object to house extra data. It is usually better to design your data model to avoid objects this large, rather than splitting them up. If you can't avoid doing so, you can also consider storing large data in a Parse File.

Laravel Eager Loading and Form Model Binding

I have a User model and via Eager Loading i am loading also the Table Profile.
To Display it i just write $user->profile->nameOfTheProfilePropertyIWant just as normal.
Simple.
But how exactly do i use Form Model Binding now?
Normal i would use Form::text('nameOfTheUserPropertyIWant') for a User Property like an email. But i want to set in on a Property of the Profile like the location. (profile->location)
But how can i set it to an profile property?
You may do this (in a one-to-one relationship) using something like this:
Form::text('profile[location]')
In this case $user->profile->location will be populated in the given text box if an instance of User model is bound to the from using Form::model($user) with the related model profile.

In what file are values received from edit.php?

I'm creating a custom field called provinces where I have built a multi-select field. This field receives a JSON keyless object [3,4,5] from the database which I then apply to the input in getInput() in province.php. I have managed to this on the output, but I need to write any values selected back to the database.
Where can I get the values that are then passed back if the user selects other options (in the back-end form edit.php) in the multi-select?
In other words, where is the $_POST array received before either it is redirected back to the form (Save) or to the list page (Save & Close)?
Please correct me if I'm wrong.
Thanks in advance.
In the model for your form view, look for the function prepareTable. This is a good place to prepare/sanitize the data prior to saving.
If you want to process the data further after it is saved, you can use the function postSaveHook in your form controller.
Or you can of course also do something during save in the tables store function.

Resources